Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat etcd vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-5408
A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader ac...
Redhat Openshift Container Platform 4.12
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.13
Redhat Openshift Container Platform 4.14
NA
CVE-2023-0296
The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary ...
Redhat Openshift 4.11
4
CVSSv2
CVE-2020-15114
In etcd prior to 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of...
Redhat Etcd
Fedoraproject Fedora 32
5.8
CVSSv2
CVE-2020-15136
In ectd prior to 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverE...
Redhat Etcd
Fedoraproject Fedora 32
5
CVSSv2
CVE-2020-15115
etcd prior to 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an malicious user to guess or brute-force users' passwords with little computational effort.
Redhat Etcd
Fedoraproject Fedora 32
6.8
CVSSv2
CVE-2018-16886
etcd versions 3.2.x prior to 3.2.26 and 3.3.x prior to 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a val...
Etcd Etcd
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Fedoraproject Fedora 30
6.8
CVSSv2
CVE-2018-1098
A cross-site request forgery flaw was found in etcd 3.3.1 and previous versions. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or ...
Redhat Etcd
Fedoraproject Fedora 30
2.1
CVSSv2
CVE-2018-1099
DNS rebinding vulnerability found in etcd 3.3.1 and previous versions. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
Redhat Etcd
Fedoraproject Fedora 30
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started